[ntp:questions] NTP Mode 6 queries in 4.2.8p10

Philip Bellino PBellino at advaoptical.com
Mon Aug 12 10:27:32 UTC 2019


Hello,
I am running ntp-4.2.8p10.

I have a user who is complaining that we are responding to mode 6 requests as follows:

[www at eng ~]$ ntpq -c rv 192.xx.xx.xx
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.8p10 at 1.3728<mailto:4.2.8p10 at 1.3728> Thu Jul 12 18:15:43 UTC 2018 (1)",
processor="ppc", system="Linux/2.6.22", leap=00, stratum=4,
precision=-12, rootdelay=43.665, rootdisp=89.247, refid=192.168.56.185,
reftime=e0f2824f.423d1b2d  Mon, Aug  5 2019  6:24:15.258,
clock=e0f289e9.82f3c482  Mon, Aug  5 2019  6:56:41.511, peer=32846,
tc=10, mintc=3, offset=-2.945153, frequency=6.130, sys_jitter=0.000000,
clk_jitter=0.993, clk_wander=0.149
[www at eng ~]$
I see that NTP Bug 3118 for CVE-2016-9310 was addressed in 4.2.8p9.

Forgive me for my lack of knowledge in this area, but does the above command and output still show the vulnerability?
If so, is the fix (as NTP Bug 3118  explains) to add "restrict default noquery" to the ntp.conf file?
If this is the fix, then all queries are shutoff, correct?

Thanks for any assistance you can provide.
Phil


More information about the questions mailing list